package com.cskt.config;

import com.cskt.shiro.JWTFilter;
import com.cskt.shiro.MyRealm;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {
    /**
     * 配置统一的安全管理器
     */


    @Bean(name = "securityManager")
    public DefaultSecurityManager
    getDefaultSecurityManager(@Qualifier("myRealm") MyRealm myRealm) {
        DefaultWebSecurityManager securityManager = new
                DefaultWebSecurityManager();
        securityManager.setRealm(myRealm);
        return securityManager;
    }


    @Bean("myRealm")
    public MyRealm myRealm() {
        return new MyRealm();
    }

    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        //添加自定义过滤器并且取名为JWT
        Map<String, Filter> filterMap = new HashMap<>();
        filterMap.put("jwt", new JWTFilter());
        shiroFilterFactoryBean.setFilters(filterMap);
        //指定安全管理器
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //指定未验证的url
        shiroFilterFactoryBean.setUnauthorizedUrl("/401");
        //指定排除不需要过滤的请求路径，比如登录
        Map<String, String> filterResultMap = new LinkedHashMap<String, String>();
        //value中的unon表示key所指定的路径不需要验证，直接放行
        filterResultMap.put("/api/dologin", "anon");
        // 注册时也要放行
        filterResultMap.put("/swagger-ui.html","anon");
        filterResultMap.put("/swagger-ui.html/**","anon");
        filterResultMap.put("/swagger-resources/**","anon");
        filterResultMap.put("/webjars/**","anon");
        filterResultMap.put("/v2/**", "anon");
        //其他所有请求，全部通过自定义过滤器
        filterResultMap.put("/**", "jwt");
       shiroFilterFactoryBean.setFilterChainDefinitionMap(filterResultMap);
        return shiroFilterFactoryBean;

    }

    /**
     * 开启对注解的支持
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        // 强制使用cglib，防止重复代理和可能引起代理出错的问题

        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
        return defaultAdvisorAutoProxyCreator;
    }

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
            DefaultSecurityManager securityManager) {
                 AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
                    advisor.setSecurityManager(securityManager);
                     return advisor;
    }


}
